The use of security cards is wide spread for a variety of applications, including electronic payment, electronic cash and access control systems. Typically a user has to insert the card into a terminal having a card reader. In order to enable a desired financial transaction the user frequently has to input an authorization code into a keyboard of the terminal.
When the user has entered a valid authorization code the transaction is enabled. For example, payments at gas stations or other points of sales are usually performed this way by means of a credit card having an integrated circuit chip. The typical method for authenticating the user to the card by means of an authorization code involves the input of a personal identification number (PIN) into the terminal. The PIN is verified by means of the card. This verification is done by comparing the PIN with a reference PIN stored in a secret area of non-volatile memory of the card.
This usual procedure of using smart cards for providing payments at points of sale has several security risks. One risk is that the user inputs his or her PIN information through the keyboard of the terminal which is owned by a third party. The keyboard can be tampered with by the third party to read the user PIN number.
Another risk is that the terminals are typically located in public areas with no or only limited confidentiality. When the user enters his or her PIN number by means of the keyboard of the chip card terminal this can be easily observed by other customers. Especially this situation can occur when customers are queuing up in front of a point of sale terminal.
Another disadvantage of entering the PIN number into the keyboard of the chip card terminal is that users frequently make mistakes when entering the PIN number or have forgotten the correct PIN number. This requires re-entering of the PIN number such that an extended period of time for the payment transaction is required. This is especially annoying for other customers who are standing in line in front of a crowded point of sale terminal, such as in a gas station or supermarket.
The present invention therefore aims to provide an improved method of entering an authorization code into a chip card terminal and a corresponding computer program and chip card.